1. (Previously presented) A method for a decryptor to obtain a decryption key from a key release agent comprising:

a decryptor obtaining an encryption block comprising a data ciphertext requiring a decryption key to decrypt, the encryption block further comprising key related information associated with a first {public key, private key} pair, the encryption block further comprising a key ciphertext consisting of the decryption key encrypted by the first public key of the first {public key, private key} pair, the encryption block not including an ACD (access controlled decryption) block;

the decryptor generating a key release request containing the key ciphertext, and the key related information and outputting the key release request to the key release agent, the key release request for use by the key release agent to locate decryptor authorization logic stored externally to the key release request that is to be applied in determining whether or not to release the decryption key;

in the event the decryption key is to be released, the decryptor receiving a key release response specifying the decryption key.



2. (Previously presented) A method according to claim 1 further comprising

the decryptor making decryptor information available to the key release agent, the decryptor information for use by the key release agent in determining decryptor attributes, the decryptor attributes for further use in determining whether or not to release the decryption key.

3. (Original) A method according to claim 1 further comprising the decryptor using the decryption key to decrypt the data ciphertext.



4. (Original) A method according to claim 1 wherein the decryptor making the decryptor information available to the key release agent comprises including the decryptor information in the key release request.

5. (Previously presented) A method according to claim 2 wherein the decryptor making the decryptor information available to the key release agent comprises the decryptor providing the decryptor information to the key release agent while establishing a secure connection with the key release agent.



6. (Previously presented) A method according to claim 2 wherein the decryptor making the decryptor information available to the key release agent comprises providing a decryptor identifier which may be used to look up decryptor attributes stored in a repository external to the key release request.



7. (Original) A method according to claim 1 wherein the key related information comprises a key pair identifier.

8. (Original) A method according to claim 1 further comprising:

before generating the key release request, the decryptor determining if the private key of the first {public key, private key} pair is available at the decryptor;

upon determining the private key of the first {public key, private key} pair is not available at the decryptor generating the key release request.

9. (Original) A method according to claim 1 further comprising:

decrypting at least a portion of the key release response containing an encrypted version of the decryption key using a private key of a second {public key, private key} pair to recover the decryption key.

10. (Previously presented) A method according to claim 1 wherein the encryption block comprises a plurality of key related information associated with a respective plurality of first {public key, private key} pairs, and a respective plurality of key ciphertexts each consisting of the decryption key encrypted by the public key of a respective one of the plurality of first {public key, private key} pairs associated with the plurality of key related information, the method comprising:

generating the key release request containing the plurality of key ciphertexts, and the associated plurality of key related information.

11. (Original) A method according to claim 10 further comprising:

before generating the key release request, determining if at least one private key of the plurality of first {public key, private key} pairs is available at the decryptor;

upon determining none of the private keys of the plurality of first {public key, private key} pairs is available at the decryptor generating the key release request.

12. (Cancelled)

13. (Previously presented) A key release method comprising:

receiving a key ciphertext and key related information in respect of a key used to encrypt the key ciphertext from a decryptor;

locating decryptor authorization logic stored externally to the decryptor with use of the key related information;

obtaining decryptor information in respect of the decryptor;

deciding based on the decryptor information and the decryptor authorization logic whether decryption of the key ciphertext is to be permitted.

14. (Original) A method according to claim 13 wherein the decryptor information is received from the decryptor together with the key ciphertext and key related information.

15. (Original) A method according to claim 13 wherein obtaining decryptor information comprises receiving the decryptor information while establishing a secure connection with the decryptor.

16. (Original) A method according to claim 13 wherein obtaining decryptor information comprises:

receiving from the decryptor a decryptor identifier;

using the decryptor identifier to lookup decryptor attributes from a public repository, the decryptor identifier and decryptor attributes together constituting the decryptor information.

17. (Original) A method according to claim 13 further comprising:

using information in a certificate as the decryptor information.

18. (Original) A method according to claim 17 further comprising:

obtaining the certificate from a certificate repository.

19. (Original) A method according to claim 17 further comprising receiving the certificate together with the key ciphertext and key related information.

20. (Original) A method according to claim 13 wherein the decryptor information is an identity or role of the decryptor, an alias, or a claim of access rights or privilege, or some other attribute of the decryptor of a corresponding decrypting device or platform.

21. (Original) A method according to claim 13 wherein the key related information comprises a key pair identifier.

22. (Original) A method according to claim 13 further comprising:

decrypting the key ciphertext, re-encrypting the key using a public key of a {public key, private key} pair to produce a re-encrypted key, the private key of which is available to the decryptor, and sending the re-encrypted key to the decryptor.

23. (Original) A method according to claim 13 further comprising:

decrypting the key ciphertext to obtain a decryption key;

sending the decryption key to the decryptor over a secure channel.

24. (Original) A method according to claim 13 further comprising:

decrypting the key ciphertext to obtain a decryption key;

using a symmetric key available to the decryptor, encrypting the decryption key with the symmetric key to produce an encrypted decryption key, and sending the encrypted decryption key to the decryptor.

25. (Previously presented) A method according to claim 13 further comprising:

receiving a plurality of key ciphertexts and respective key related information from the decryptor and determining whether at least one private key required to decrypt a respective at least one key ciphertext of the plurality of key ciphertexts is available;

using the respective key related information to locate respective decryptor authorization logic stored externally to the decryptor; and

upon determining such at least one private key is available, deciding based on the decryptor information and the respective decryptor authorization logic whether decryption of at least one of the plurality of key ciphertexts is to be permitted.

26. (Original) A method according to claim 25 further comprising:

decrypting one of the key ciphertexts using a corresponding private key to recover a decryption key.

27. (Previously presented) A method according to claim 25 wherein deciding based on decryptor information of the decryptor and the respective decryptor authorization logic whether decryption of at least one of the key ciphertexts is to be permitted comprises applying the respective decryptor authorization logic associated with each public key used to encrypt the decryption key to the decryptor information to determine whether the decryptor should be permitted access to the decryption key.

28. (Previously presented) A method according to claim 13 wherein deciding based on decryptor information of the decryptor and the decryptor authorisation logic whether decryption of the key ciphertext is to be permitted comprises applying at least one rule of the decryptor authorization logic associated with the public key used to encrypt the decryption key to the decryptor information to determine whether the decryptor should be permitted access to the decryption key.

MAY-04-2007 16:09 FROM: 6132328440 TO: USPTO

Appl. No. 09/746,015

29. (Previously presented) A method of controlling access to a decryption key comprising:

receiving from a decryptor a key release request comprising decryptor information and the decryption key encrypted using a public key;

locating decryption authorization logic stored externally to the key release request with use of the public key;

applying the decryption authorization logic to the decryptor information to determine whether the decryptor should be permitted access to the decryption key;

upon determining the decryptor should be permitted access to the decryption key, sending a key release response specifying the decryption key.



30. (Previously presented) A method of controlling access to decryption keys comprising:

maintaining a private key repository comprising a plurality of access identifiers, and for each access identifier at least one key related information of a respective {public key, private key} pair, the repository also containing the private key of each {public key, private key} pair;

receiving a key release request containing a decryption key encrypted using a public key of a {public key, private key} pair and containing a key related information associated with the {public key, private key} pair;

maintaining a repository residing externally to the key release request associating each access identifier with respective decryptor authorization logic that can be applied to a decryptor information;

obtaining decryptor information;

for each access identifier in association with which the key related information is stored, applying the respective decryptor authorisation logic to the decryptor information specified in the key release request;

in the event the decryptor information satisfies at least one of the respective decryptor authorization logics, decrypting the ciphertext to recover the decryption key, and sending a key release response to the decryptor specifying



31. (Cancelled) 

32. (Cancelled) 

33. (Previously presented) A decryptor comprising:

means for obtaining an encryption block comprising a data ciphertext requiring a decryption key to decrypt, the encryption block further comprising key related information associated with a first {public key, private key} pair, the encryption block further comprising a key ciphertext consisting of the decryption key encrypted by the first public key of the first {public key, private key} pair, the encryption block not including an ACD (access controlled decryption) block;

means for generating a key release request containing the key ciphertext, and the key related information and outputting the key release request to the key release agent;

means for making decryptor information available to the key release agent, the decryptor information for use by the key release agent to obtain decryptor authorization logic stored externally to the key release request that is to be applied in determining whether or not to release the decryption key;

means for receiving a key release response specifying the decryption key.



34. (Cancelled) 



35. (Previously presented) A decryptor according to claim 33 further comprising means for using the decryption key to decrypt the data ciphertext.

36. (Original) A decryptor according to claim 33 adapted to make the decryptor information available to the key release agent by including the decryptor information in the key release request.



37. (Original) A decryptor according to claim 33 further comprising means for decrypting at least a portion of the key release response containing an encrypted version of the decryption key using a private key of a second {public key, private key} pair to recover the decryption key.

38. (Previously presented) A key release agent comprising:

means for receiving from a decryptor a key ciphertext and key related information in respect of a key used to encrypt the key ciphertext;

means for locating decryptor authorization logic stored externally to the decryptor with use of the key related information;

means for obtaining decryptor information in respect of the decryptor; and

means for deciding based on decryptor information of the decryptor and the decryptor authorisation logic whether decryption of the key ciphertext is to be permitted.

39. (Original) A key release agent according to claim 38 adapted to receive the decryptor information together with the key ciphertext and key related information.

40. (Previously presented) A key release agent according to claim 38 adapted to use a decryptor 
identifier to lookup decryptor attributes from a repository, the decryptor identifier and decryptor 
attributes together constituting the decryptor information. 



41. (Previously presented) A key release agent according to claim 38 further comprising:

decrypting means for decrypting the key ciphertext;

encryption means for re-encrypting the key using a public key of a {public key, private key} pair to produce a re-encrypted key, the private key of which is available to the decryptor;

means for sending the re-encrypted key to the decryptor.



42. (Previously presented) A key release agent according to claim 38 further comprising:

means for applying decryptor authorization logic associated with each public key used to encrypt the decryption key to the decryptor information for determining whether the decryptor should be permitted access to the decryption key.
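The key release decision of claims 13 and 30, sketched as an added Python example that is not part of the application: the request carries only the key ciphertext, the key related information and the decryptor information, while the authorization logic sits in a repository held by the agent. Toy textbook RSA, the names `ACCESS`, `PRIVATE_KEYS`, `encrypt_key` and `release_key`, and the sample roles are assumptions made for illustration.

```python
# Added illustration of the claim 13 / claim 30 flow; all names and values are constructed.
# Toy textbook RSA (n = 61 * 53) stands in for a real public-key scheme; never use it in practice.
N, E = 3233, 17                    # public key of key pair "kp-1"
PRIVATE_KEYS = {"kp-1": 2753}      # private key repository, held only by the key release agent

# Repository external to the request: access identifier -> key pair ids + authorization logic.
ACCESS = {
    "finance-readers": {"key_ids": {"kp-1"},
                        "logic": lambda d: d.get("role") == "auditor"},
    "ops-oncall":      {"key_ids": {"kp-1", "kp-2"},
                        "logic": lambda d: d.get("role") == "sre" and d.get("mfa") is True},
}

def encrypt_key(decryption_key: int) -> int:
    """Encryptor side: key ciphertext = decryption key under the first public key."""
    return pow(decryption_key, E, N)

def release_key(request: dict):
    """Key release agent: return the decryption key, or None when release is refused."""
    key_id = request["key_related_info"]          # e.g. a key pair identifier (claims 7, 21)
    if key_id not in PRIVATE_KEYS:                # private key not available to the agent
        return None
    # Assumption: decryptor_info was authenticated upstream (secure connection or certificate).
    info = request.get("decryptor_info", {})
    for entry in ACCESS.values():
        # Apply the logic of every access identifier under which this key pair is stored;
        # one satisfied logic is enough to release.
        if key_id in entry["key_ids"] and entry["logic"](info):
            return pow(request["key_ciphertext"], PRIVATE_KEYS[key_id], N)
    return None
```

Because the encryption block and the request contain no policy, changing who may decrypt only requires editing the agent-side repository, not re-encrypting the data.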